HMRC deletes five million voiceprints after ICO complaint
Department gets rid of data where it did not have ‘explicit consent’ of users
HM Revenue and Customs has deleted the voiceprints of five million citizens from whom it failed to gain adequate consent.
In June 2018 a complaint was made to the Information Commissioner’s Office about the department’s use of “implied consent” to collect the voice identification data of people ringing HMRC helplines.
Two months after this grievance was filed, the department implemented a new process in which voice data is only retained in cases where callers provide explicit to consent to do so. This change was made to ensure HMRC complied with its obligations under GDPR, according to a letter written by HMRC permanent secretary Jon Thompson and newly published online.
- HMRC voice ID scheme sees 160,000 opt-outs
- GDPR: Five things we will only discover after 25 May
- GDS expands use of voice recognition
Thompson added that the tax agency will also delete the voiceprints of the five million people who were enrolled in the voice ID scheme before October 2018, and have yet to call HMRC since then to confirm – or revoke – their consent.
The department is left with voice data on 1.5 million people who have called up during the last six months and expressly agreed to the new terms of service.
In the letter, which Thompson addressed to HMRC’s data protection officer Chris Franklin, the perm sec said that he was “satisfied that HMRC should continue to use Voice ID”.
“It is popular with our customers, is a more secure way of protecting customer data, and enables us to get callers through to an adviser faster,” he said. “HMRC has worked hard to ensure the system complies with GDPR requirements around explicit consent and our published privacy notice already makes clear that we will not use voice identification data for any other purposes. In the interests of being transparent about the decisions we have made, I am arranging for this note to be made public and have advised the ICO accordingly.”
Office for Statistics Regulation will – at HMRC’s behest – examine error that saw tax contributions double-counted
The NCSC’s annual report reveals that a major attack against a public sector entity or business is hit with a major cyberattack about twice each day. PublicTechnology looks at the biggest...
European Commission report finds that ‘large-scale automated propaganda’ is a persistent threat
The government’s housing body is adopting agile, cloud and a DevSecOps model in a bid to become the engine of transformation in the housing market. Gill Hitchcock reports.
BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network
BT outlines how a zero-trust approach is the best form of defence in a multi-attack vector environment
BT interviews Chris Roberts from Cisco to discuss the impact of our fast-paced culture on an enterprise’s network security measure
As part of October’s Cyber Security Awareness Month, BT is sharing their top tips on how keep information secure for both you and your organisation